Knowledge point 034: using Ansible to batch-change the root password to a random password

 


First, add the following line to the sudo configuration for the s-linuxad account:

s-linuxad   ALL=(ALL)   NOPASSWD:ALL

If you do not add it yourself, confirm that the server's /etc/sudoers configuration file already contains the line above.

 

1.1 Create a script cc.sh in the local directory

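#!/bin/bash

# Generate a random password and save it to ~/.openssl (the file the later steps read)
openssl rand -base64 8 > ~/.openssl

PASS=`cat ~/.openssl`

# passwd --stdin reads the new root password from standard input
echo "$PASS" | sudo passwd --stdin root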



1.1.1 Configure the Ansible inventory file /etc/ansible/hosts
[s-linuxad@T-Ansible-v-szzb ansible]$ pwd

/etc/ansible

[s-linuxad@T-Ansible-v-szzb ansible]$ cat hosts

[nginx]

10.0.40.156

10.0.40.143

10.0.40.235

10.0.40.61

10.0.40.87

10.0.40.95

10.0.40.224

1.2 Check whether the script executed successfully and whether the openssl file was generated

Push the script to each server for execution:

ansible 'nginx' -m script -a '/home/s-linuxad/Carlton/cc.sh'

In the above command, nginx is the host group defined in /etc/ansible/hosts. You can name the group whatever you like, such as test. If the group is named test, the command becomes

ansible 'test' -m script -a '/home/s-linuxad/Carlton/cc.sh'

 

Each host reports either success (SUCCESS) or failure. Hosts that succeed can be modified directly; hosts that fail need further processing.

10.0.2.198 | UNREACHABLE! => {

    "changed": false,

    "msg": "Failed to connect to the host via ssh: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).\r\n",

    "unreachable": true

}

10.0.2.196 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

10.0.2.195 | SUCCESS => {

    "changed": false,

    "ping": "pong"

}

 

View the generated file. It contains the password, which you can then verify:

ansible nginx -m shell -a "cat ~/.openssl"

You can redirect the output of the above command to a file:

ansible nginx -m shell -a "cat ~/.openssl"   >/tmp/file.txt

 

1.3 Write a yml playbook that fetches the file and returns it to the control machine

[s-linuxad@T-Ansible-v-szzb ~]$ cat fetch-file.yml

---

- hosts: '{{myhosts}}'

  remote_user: s-linuxad

  tasks:

  - name: fetch file

    fetch:

      src: ~/.openssl

      dest: ~/fetch/openssl-{{ inventory_hostname }}

      flat: yes

Format of a yml playbook:

- hosts: all

  remote_user: root

  tasks:

  - name: yum install screen

    shell: yum install screen -y

Explanation of the file: "- hosts: all" makes the play apply to all hosts, remote_user is the remote user (root here), and tasks lists the tasks to be executed. name is the name displayed for the task, and shell: is followed by the command to execute on the remote client. You can write multiple commands separated by semicolons (;), for example shell: yum install screen -y ;mkdir /tmp/`date +%Y%m%d`

 

1.4 Running the command

ansible-playbook fetch-file.yml -e "myhosts=nginx"

This collects the password files from all hosts into the fetch directory under the home directory.

 

1.5 Batch delete the password file ~/.openssl on the other servers

ansible nginx  -m shell -a "rm -f ~/.openssl"
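
A hardened variant of cc.sh from step 1.1, as an added example that is not part of the original article: the password file is created with mode 0600, and it is kept under its final name only if the password change succeeded. The function names, the --apply switch and the 16-byte length are assumptions of this example.

```shell
#!/bin/bash
# Added example: hardened variant of cc.sh.
# Function names and the --apply switch are hypothetical, not from the article.
set -eu

# 16 random bytes, base64-encoded (the article uses 8; the larger size is an
# added choice). Falls back to /dev/urandom if openssl is not installed.
gen_password() {
    openssl rand -base64 16 2>/dev/null || head -c 16 /dev/urandom | base64
}

# Reads the new password on stdin, so it never shows up in a process
# argument list. passwd --stdin is the same call the original script uses.
set_password() {
    sudo passwd --stdin "$1"
}

# rotate USER FILE: set a fresh random password for USER and record it in FILE.
rotate() {
    local user="$1" file="$2" pass tmp
    pass=$(gen_password)
    # mktemp creates the file with mode 0600 regardless of umask, so other
    # local users cannot read the password while it waits to be fetched.
    tmp=$(mktemp "${file}.XXXXXX")
    printf '%s\n' "$pass" > "$tmp"
    if printf '%s\n' "$pass" | set_password "$user"; then
        mv -f "$tmp" "$file"   # keep the record only after a successful change
    else
        rm -f "$tmp"           # no stale file with a password that was never set
        return 1
    fi
}

# Do nothing unless explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = "--apply" ]; then
    rotate root "$HOME/.openssl"
fi
```

Because the script only acts when called with --apply, it cannot be pushed with the script module's argument-free form shown above; the argument goes inside the -a string after the script path.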

 

2. Batch change user account passwords

The premise of batch modification must be that no key is successfully established

[s-linuxad@T-Ansible-v-szzb Carlton]$ cat s-linuxad.sh

#!/bin/bash

PASS=123456

#SUBPASS=`echo ${PASS:0:16}`

echo $PASS |sudo passwd --stdin s-linuxad

[s-linuxad@T-Ansible-v-szzb Carlton]$ cat nagios.sh

#!/bin/bash

PASS=12345676

#SUBPASS=`echo ${PASS:0:16}`

echo $PASS |sudo passwd --stdin nagios

[s-linuxad@T-Ansible-v-szzb Carlton]$ ansible 'nginx' -m script -a '/home/s-linuxad/Carlton/nagios.sh'

 

 

 
